Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 256131 (CVE-2009-0253)

Summary: www-client/mozilla-firefox Status Bar Obfuscation (CVE-2009-0253)
Product: Gentoo Security Reporter: Stefan Behte (RETIRED) <craig>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B4 [noglsa]
Package list:
Runtime testing required: ---
Bug Depends on: 257577    
Bug Blocks:    

Description Stefan Behte (RETIRED) gentoo-dev Security 2009-01-23 21:52:06 UTC 
CVE-2009-0253 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0253):
  Mozilla Firefox 3.0.5 allows remote attackers to trick a user into
  visiting an arbitrary URL via an onclick action that moves a crafted
  element to the current mouse position, related to a "Status Bar
  Obfuscation" and "Clickjacking" attack.
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-08-13 09:54:40 UTC 
Still not fixed in 3.5.2
Comment 2 Jory A. Pratt gentoo-dev 2011-01-14 17:26:21 UTC 
(In reply to comment #1)
> Still not fixed in 3.5.2
> 

Readd us if needed appears to be fixed in current firefox.